For the third straight year, elite hackers from around the world who spent a long weekend hacking into voting equipment have released a report detailing vulnerabilities in machines still in use across the country.
Each of the more than 100 machines the researchers looked at were vulnerable to at least some kind of attack, said Georgetown professor Matt Blaze, one of the Def Con Voting Village’s organizers.
The report will be of particular concern to lawmakers going into next year’s Presidential election.
“I’m going to get this in the hands in every member of the US Senate,” said Oregon senator Ron Wyden, the most outspoken election security advocate in the Senate, as he introduced the Def Con Voting Village report.
As in previous years, the Voting Village collected versions of voting equipment used around the country, much of it ordered from eBay, and invited all of the more than 35,000 attendees of the Def Con hacker conference, which took place in Las Vegas in August, to see what kind of holes they could find.
Some of machines were found to be vulnerable to remote attack and one electronic pollbook had a hidden ethernet cable to connect it to the internet.
The issue is less that skilled hackers can break into election equipment, Blaze told CNN, and more that elections systems as a whole need to both minimize risk and double-check election results with paper ballots after every election.
“We know these machines are vulnerable, and what’s important is we use machines like those that produce paper ballots that can tolerate the vulnerabilities rather than fail completely because of them. And that means paper ballots and risk-limiting audits,” he said.
The Voting Village has had a contentious, though improving, relationship with US election equipment vendors. Organizers were in talks with Dominion, the country’s second-largest provider of voting hardware and software, but those fell through in the days before the conference. In recent months the industry has pivoted away from providing machines that don’t produce a paper trail — except for certain circumstances with equipment made for people with disabilities — and agreed with security experts that states should be encouraged to upgrade to new machines that use paper ballots.
But upgrades cost money, and even with federal funding, it’s impossible to make machines that can be expected to withstand a full-fledged nation-state attack, said Dominion spokesperson Kay Stimson.
“There are no realistic cost or resource comparisons between securing election systems against nation-state threats, versus securing national defense systems against nation-state threats,” Stimson told CNN.
Following accusations that he’d been blocking election security legislation, Senate Majority Leader Mitch McConnell last week backed an amendment to give states an additional $250 million to distribute for election security.
But experts have questioned whether that’s enough money to get the US to an acceptable level of election security.
“Yes, $250 million is a great step forward, but what’s next?” asked Chris Krebs, head of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.
“News that the Senate is planning to support money for election security is an important step in the right direction after months of back-and-forth,” Larry Norden, director of Brennan Center’s election reform program, told CNN. “But the fight to secure the nation’s election infrastructure is far from over.”